In a photograph posted online after Snowden revealed himself, his laptop displays a sticker touting the Electronic Frontier Foundation, a longstanding advocate for online rights and staunch opponent of government surveillance. That would have been enough of a warning sign to make it into his file, Smith says, but investigators wouldn’t have come across it because clearance interviews aren’t performed at their homes: “You’re not around that person’s personal belongings to make any other additional observations about that person’s characters”

Anyway, thanks to Smith, the authorities now know what to watch for – open display of affinities with the EFF is enough of a warning sign to make it to file. Take this NSA agent for example, performing devious agitprop in official EFF attire :

Main Core is the code name of a database maintained since the 1980s by the federal government of the United States. Main Core contains personal and financial data of millions of U.S. citizens believed to be threats to national security.

The existence of the database was first reported on in May 2008 :

According to a senior government official… ”There exists a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived ‘enemies of the state’ almost instantaneously” … One knowledgeable source claims that 8 million Americans are now listed in Main Core as potentially suspect.

Putting this level of paranoia in perspective, Stalin’s Great Purge hit 1% of the population. 8 million is 2.5% of the USA’s population – or about 3% if you exclude children under 15 year old. If you think that 3% of the adult population may be out to get you, then you should probably be very carefully considering the possibility that the problem is actually you.

One former intelligence official described Main Core as “an emergency internal security database system” designed for use by the military in the event of a national catastrophe, a suspension of the Constitution or the imposition of martial law.

Putting aside the question of what actions are appropriate in catastrophic circumstances, should anyone believe that such a database will never be misused ? Secrecy trebles the probability of abuse.

Since 2008, no news has surfaced about Main Core – there is no reason to believe that it is not still maintained, probably under a new code name.

Remember Eisenhower’s 1961 warning against the military–industrial complex in his farewell speech ?

“In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist”

It is still valid today – and in current news in the guise of the intelligence-contractors complex where the consequences of financial corruption also go much beyond mere massive waste of public funds.

The challenge that faces us is not an arms race in communications privacy – hardening helps but it is a tactical countermeasure that does not address the problem systemically.

The way forward is political : democratic control must be reasserted over those entrusted with exceptional means. It is easier said than done, considering the entrenched interests that will obstruct the path ahead – but ignoring the political nature of the challenge will only ensure the continuation of a state of information warfare between the people and the state that used to represent them. A better way exists !

“Back in 2007, Obama said he would not want to run an administration that was “Bush-Cheney lite” He doesn’t have to worry. With prisoners denied due process at Gitmo starving themselves, with the C.I.A. not always aware who it’s killing with drones, with an overzealous approach to leaks, and with the government’s secret domestic spy business swelling, there’s nothing lite about it“.

“This Administration also puts forward a false choice between the liberties we cherish and the security we demand. I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.

That means no more illegal wire-tapping of American citizens. No more national security letters to spy on citizens who are not suspected of a crime. No more tracking citizens who do nothing more than protest a misguided war. No more ignoring the law when it is inconvenient. That is not who we are. And it is not what is necessary to defeat the terrorists”.

Yes we (probably) can ! (your mileage may vary; this message does not reflect the thoughts or opinions of either myself, my company, my friends, or alter ego; terms are subject to change without notice; this message has not been safety tested for children under the age of 3; any resemblance to actual persons, living or dead, is unintentional and purely coincidental; do not remove this disclaimer under penalty of law; for a limited time only; this message is void where prohibited, taxed, or otherwise restricted; message is provided “as is” without any warranties; reader assumes full responsibility; if any defects are discovered, do not attempt to read them yourself, but return to an authorized service center; read at your own risk; text may contain explicit materials some readers may find objectionable, parental guidance is advised; keep away from pets and small children; some assembly required; not liable for damages arising from use or misuse; may cause random outbursts of extreme violence, or epileptic seizures; actual message may differ from illustration on box; other rules may apply; past performance does not predict future results; see store for details).

Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence.

Above emphasis is mine – “not unilaterally” and “with knowledge of the provider”. Hello, Larry ? Zuck ? Feeling lonely there ? Have you just been hung out to dry by your friend the DNI ?

US Senators don’t seem to have realized the extent of public outrage – witness comments such as “This is nothing particularly new… Every member of the United States Senate has been advised of this”… Mass surveillance ? Yes we can ! All that would not have happened if Obama had been elected.

79. States cannot ensure that individuals are able to freely seek and receive information or express themselves without respecting, protecting and promoting their right to privacy. Privacy and freedom of expression are interlinked and mutually dependent; an infringement upon one can be both the cause and consequence of an infringement upon the other.

80. In order to meet their human rights obligations, States must ensure that the rights to freedom of expression and privacy are at the heart of their communications surveillance frameworks.

81. Communications surveillance should be regarded as a highly intrusive act that potentially interferes with the rights to freedom of expression and privacy and threatens the foundations of a democratic society.

Clear enough for y’all ? The report was in no way aiming at the US of A but today’s revelations makes it difficult to read it without thinking about them…

Mass surveillance is like searching every single home in the whole country because some of them might hide something illegal. With such massive indiscriminate intrusion in private lives, secrecy isn’t kept to avoid “tipping off the target” – it is about avoiding legitimate public outrage at misguided actions outside of any effective control, that undermine the very foundations of what we strive for.

« I think that “data” is the great revolution we are currently living. [..] Take the case of insurance : ADN decoding for € 100 means that, in fifteen years, your insurance will be tailored to your genetic risks. »

If this makes your stomach churn, you are not alone – upon reading it I was aghast : not only because an opinion leader entertains such unethical thoughts, but also because someone in charge of recommending a national industrial policy shows ignorance of how illegal genetic discrimination already is.

In 1994, the Law n. 94-653 on respect for the human body introduced new provisions on genetic testing and DNA identification into the French Civil Code. According to article 16-10, the genetic study of the characteristics of a person may be undertaken only for medical purposes or for scientific research.

The Code of Public Health affirms this principle but adds that genetic tests can only be realized “in the patient’s interest”(Art L. 145-15-1). This necessarily excludes every genetic test contrary to the patient’s interest. Consequently genetic testing for the purpose of the conclusion of an insurance contract is prohibited.

Article 25 of Chapter III on the identification of persons and their genetic characteristics by genetic examination reads as follows: it is not allowed to carry out genetic examinations on the characteristics of persons other than for reasons of medical or scientific research or in cases provided by law. The consent of the person involved is needed before examinations are carried out, except in case of medical necessity.

The use of information about an individual which has been obtained by studying his genetic characteristics other than for medical purposes for scientific research is punishable with one year’s imprisonment and a fine of 15.000 Euro (article 226-26 Penal Code).

French bioethics legislation specifically prohibits access by any third party, notably employers and insurance companies, to information held in databanks and makes it illegal for them to ask individuals to provide such information.

While this seems to prohibit insurers from using genetic tests for underwriting purposes, it does not prevent insurers from obtaining genetic-test information from medical files. Under public pressure, however, in 1994 the French Federation of Insurers imposed a moratorium on its members. This moratorium implies that insurers may not take the results of genetic characteristics (unfavourable or favourable test results) of a candidate insured into account even if the candidate insured offered the information by himself. Initially the moratorium was adopted for five years, which coincides with the 5-year period upon expiry of which the law n. 94-653 of July 29, 1994 was to revised. In 1999 the insurers have extended the moratorium for another five years, i.e. until the year 2004. The underlying idea of the moratorium is that the experimental character of the genetic information prohibits to use it for purposes such as insurance contracts. This implies that insurers may not ask questions related to genetic tests and their results in risk questionnaires. Moreover, insurers may not ask the candidate insured to undergo genetic tests or to give them the results of previous tests.

The Universal Sickness Cover Act (CMU) ( Loi n°99-641 du 27 Juillet 1999 portant création d’une couverture maladie universelle. Lois et Décrets 99, 28 Juillet 1999.) in particular Section 5 entitled “Social and health modernization” states that any use of genetic testing by complementary insurance and health insurance bodies is prohibited. According to article 62 of the Act, such bodies “may not take account of the results of a genetic study of the characteristics of a person requesting the benefit of supplementary health cover, even if those results are provided by himself or herself. Moreover they may not ask any question relating to genetic tests and the results thereof, nor ask for anyone to undergo genetic testing prior to arranging a contract providing supplementary health cover and for the entire duration thereof”.

The paper I got this information from is ten years old – but no fundamental legislative change has occurred since then. Unless something really terrible happens in French politics, genetic discrimination in insurance will still be illegal in fifteen years – and if I have any say, it will be even more illegal.

Article 322-6-1 of the French Code Pénal punishes with one year in prison and a 15000€ fine “the diffusion by any mean of manufacturing processes for destructive devices made from explosive, nuclear, biological or chemical substances or any product intended for domestic, industrial or agricultural use“.

And someone once again forgot that censoring information locally does not work.

But wait – there is more stupidity… The punishment is tripled (three years in prison and a 45000€ fine) if the information has been published “to an undefined audience on a public electronic communication network“. Why isn’t there a specific punishment for posting on a billboard too ? Once again, in yet another country, the use of electronic tools is an aggravating circumstance. As electronics pervade our whole lives, isn’t that entirely anachronistic ?

This isn’t even trademark bullying – trademark bullying looks sane in comparison to such blatant appropriation of the English language. I find myself wondering why Openstreetmap is yielding to it. Is a cease & desist letter all it takes ?

Precautionary appeasement measures may be best to protect one’s material interests in the strictest sense and in the short term. But while the wisdom of precaution before rash reaction may be acknowledged, does one really want to project the image of a mark that can be easily pushed around ? Is that in one’s best interests ? And in Openstreetmap’s case, are those the actions that best foster the spirit embodied by a project whose members have a strong interest in protecting the commons ?

Rousing up a crusade might actually be the rational choice against intellectual property trolls – costly in the short term but rational in the long term. Only in an organized fashion though – the targets of such bullying behaviour stand no chance if they revolt alone – unless they are, like Newegg, financially powerful enough to fight back or if they are members of some intellectual property mutually assured destruction cartel (I’m conflating patents and trademarks, which are very different domains – but they have trolling plagues in common). Even a fairly large project such as Openstreetmap is a soft target that can’t sustainably fight alone.

So sheep banding together to stand their ground and defend the public domain against predators is the only realistic option. The only downside is that we are going to make lawyers rich… We’ll have to live with that and mitigate the bad feelings by favoring intellectual-property lawyers with values favourable to the protection of the public interest. Now, how do the targets of intellectual property trolls connect each other to pool their resources ?

Meanwhile, the verb ‘to geocode’ remains generic English language word and I’ll stand by that even if a US court decides otherwise. Silly fight ? Yes – I have absolutely no skill whatsoever in choosing my battles, but unending masses of people like me is what it will take to wear down intellectual property trolls.

You will certainly be relieved to learn that US government agencies do not spy clandestinely on the data you entrust to Google, Facebook & co.

So stop wondering about dark conspiracies : there are none.

The bad news is that they do it legally instead. Yes – US government agencies can legally access any data stored by non-American citizens at USA-based hosting companies. No warrant required – they can basically help themselves with your data anytime they please and that is entirely legal.

Brazen, isn’t it ? It is called FISAA – for more details, take a look at this European Parliament report. And by the way, I believe that some strong reaction from the European Union has been long overdue.

The silver lining is that European hosts are making good business with everyone who won’t host their data in the USA anymore !

The French interior minister Claude Gueant has decided to launch a viral marketing campaign to spread the notoriety of https://copwatchnord-idf.org, a sousveillance commune attempting to enforce police accountability. Displaying a cunning knowledge of mass communications, he let a court order the whole site made inaccessible; thus drawing the ire of free speech activists and ensuring excellent conditions for a nice Streisand Effect. Even before the court order has been implemented there are already a wealth of alternative ways to access the site’s content – among others I2P, ED2K, Bittorrent and a nicely growing list of mirrors including one on this site (IPv6 only – let’s promote IPv6 while we are at it) which will stay up until I get a court order to take it down or police pressure I can’t handle. Funniest thing is that I haven’t even read the content of the site.

I could have mirrored it anonymously, but civil disobedience doesn’t carry much of a message if you are not ready to do it in your own name: provoking a debate is the whole point of my involvement.

It may surprise you but I agree with the police unions : naming law enforcement officers and systematically exposing their personal data in a manner making them personally more vulnerable to public anger is bad.

So why am I misbehaving by mirroring https://copwatchnord-idf.org on my host ? To have you talk about it. This is about ensuring that no one wants to publish something like Copwatch anymore. Even if law enforcement manages to stomp all the Web ants, technologies such as Tor hidden services and I2P guarantee that there is no way to eradicate information anymore – only to make it more difficult for the non technophile public to reach. So if we don’t want sites like Copwatch, it is the cause that must be attacked – Copwatch is only the symptom of some deeper disease.

In the French republic, law enforcement has a monopoly on legitimate violence, which is a good thing. In addition, law enforcement has powerful surveillance tools – those have never been as powerful as they are now, and their power is still growing. As the popular saying goes : “with great power comes great responsibility” – law enforcement is fine but only if it is accountable. Copwatch’s efforts may be misguided, but they illustrate a growing frustration from those involved in police violence and faced with police impunity: where to turn to for accountability when facing staggering power asymmetry ? They answer by starting an arms race between censor and watchers. No good will come out of that – we must make peace now : accept that censorship is pointless and imagine alternatives that guarantee that cases of illegitimate police violence are treated fairly – or even better, that they don’t happen.

A fight between the people and its own law enforcement is a losing proposition for every party involved – don’t do it ! Instead, make sure that institutional and individual acts of violence are easily documented and brought to court. Law enforcement is viable only if the people trusts its officers, but the relationship between the people and law enforcement is increasingly broken… Can we fix that ?

To make law enforcement officers accountable for their individual acts of violence, data must be collected from witnesses. But how to do it without naming them and exposing their personal data in a manner making them personally more vulnerable to public anger ? My proposal is to make prominent personal identifier displays part of what a law enforcement officer must feature to act legitimately as such. This identifier must point to the individual while keeping him anonymous. It must be displayed large enough to be readable through photography. This is only a single technical proposition, but the general idea to be pushed is for the police to be put under surveillance by the citizens who can easily gather enough information for proper judiciary proceedings while protecting the individuals involved from extra-judiciary threats.

With a culture of accountability in place and enough eyes over the police, sites such as Copwatch would be pointless… Everybody wins. Don’t fear the sunshine and let’s talk about solutions !

Open data is the idea that certain data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control. Share, remix, reuse – just do it for fun, for profit and for the public good… Once the data is liberated, good things will follow ! Alas, some Cassandra beg to differ.

Can the output of a process based entirely on publicly available data be considered unfit for public availability ? As Marek Mahut explains in “The danger of transparency: A lesson from Slovakia“, the answer is ‘yes’ according to a court in Bratislava who ordered immediate censorship of some information produced by an application whose input is entirely composed of publicly available data.

As a French citizen, I’m not surprised – for more than thirty years, our law has recognized how the merging of data sources is a danger to privacy.

Chapter IV, Section 2 : Authorisation
Article 25
I. – The following may be carried out after authorisation by the “Commission nationale de l’informatique et des libertés” , with the exception of those mentioned in Articles 26 (State security and criminal offences processing) and 27 (public processing NIR, i.e. social security number – State biometrics –census – e-government online services):
[..]
5° automatic processing whose purpose is:
– the combination of files of one or several legal entities who manage a public service and whose purposes relate to different public interests;
– the combination of other entities’ files of which the main purposes are different.

Short version : if you want to join data from two isolated sources, you need to ask and receive authorization first, on a case-by-case basis.

Apart from the slight diplomatic problem that this theatrical gesture has little support across Europe and the ethical problem of banking on emotional reaction to jockey for post-revolutionary oil contracts, there is the technical problem of how to proceed against the Libyan air defense network – here are a few extracts from Sean O’Connor’s excellent analysis in May 2010 :

Libya possesses one of the most robust air defense networks on the African continent, falling second only to Egypt in terms of coverage and operational systems. Libyan strategic SAM assets are primarily arrayed along the coastline, ostensibly defending the bulk of the Libyan population and preventing foreign incursion into Libyan airspace.

Part of the current problem stems from international sanctions placed on Libya during the 1980s which effectively stifled any serious chances of upgrading or replacing obsolete systems. The rest of the problem lies in the systems themselves. All three strategic SAM types operated by Libya have been thoroughly exploited by Western intelligence agencies, and many Western nations have faced these same systems in combat at various times, allowing for continued refinement of ECM systems designed to defeat these weapons electronically. Also, no strategic SAM system operated by Libya possesses a multi-target engagement capability. The only SAM sites representing a threat to multiple aircraft are the S-200 locations, as they possess multiple 5N62 (SQUARE PAIR) engagement radars. As such, even though Libyan strategic SAM sites are arrayed to provide overlapping fields of fire while defending a given area, the relatively small number of sites represents a threat to only a small number of targets. As a result, the overall network is easily susceptible to oversaturation.

The second drawback to Libya’s strategic SAM network is one of layout. If it is accepted that older Soviet-era systems may still be reliable against regional aggressors lacking modern, sophisticated EW or ECM suites, the system still has a significant number of gaps that could be exploited. The S-200 represents the only significant over water threat, but is constrained by having a minimum engagement altitude of 300 meters. Any terrain-hugging aircraft or cruise missiles would easily be able to exploit this weakness to approach the Libyan coastline. Once the coastline has been reached, the most obvious point of ingress would be the area adjacent to the Gulf of Sidra, which is devoid of deployed strategic SAM assets. Furthermore, as evidenced in the image seen previously, there are gaps between areas covered by S-75 and S-125 batteries which could also be exploited. This does not of course take into account the presence or performance of interceptors, AAA, or tactical SAM units, as these systems are outside the scope of this analysis.

At the end of the day, the Libyan strategic SAM network requires a massive infusion of new technology to remain viable in the twenty first century. It was not capable of repelling an attack over twenty years ago, and there is no reason to suspect that it will be capable of such action today.

– Against short and medium range systems, the scenario that takes best advantage of the AASM’s capabilities is to locate it approximately using the Spectra. Then, as soon as sufficient location precision has been obtained, an AASM may be fired and forgotten – even at off-boresight angles.

– Against long range systems, low altitude long distance approach using terrain masking is preferred and initial target acquisition by a third party is necessary. The launch sequence is then identical to the other scenario.

No costly and spoofable seeker is required. With a 250 kg munition, the AASM carries three to five times as much explosives as dedicated anti-radar missiles, and airburst makes the most of the fragmentation pattern.

Near-vertical terminal course enhances precision by making errors in the estimation of target altitude much less relevant – an important factor since radio-goniometry’s altitude estimates are much less precise than its measurements in the horizontal plane.

Exploiting mostly existing capabilities of the Rafale and of the AASM, the SEAD mission would once more demonstrate the system’s flexibility.

Now, that article was written by someone from the AASM program at Sagem, so the careful reader might want to discount part of the performance boasts as infomercial propaganda… But if even is just some of it is true, then France is actually taking the lead in a new generation of SEAD capabilities. Nevertheless, this wonderful piece of kit has never been involved in anything more taxing than gunboat diplomacy and neo-colonial policing on the coattails of the USA… No one will believe it works until it is proven in combat against more substantial adversaries. And most important, I have not found confirmation that the SEAD capability of the Rafale+AASM combo has reach operational status.

The AASM itself though has seen action in Afghanistan – so we know it works. Considering that each AASM costs 143k€ and that each Rafale flight hour costs 37k€, the critics humorously calculated that it won’t take that many insurgents for the French state to go broke on bombing budget alone… But we suspect that the real point of using fancy pants Rafale with AASM instead of plain old Mirage 2000 with laser guided bombs is that someone wanted to put the “combat proven” sticker on it to flog it on the international market. With that perspective and Nicolas Sarkozy’s track record of colluding with powerful commercial players, it is easy to imagine a Libyan campaign as a sales demonstration – but of course that would be gross oversimplification : Sarkozy’s diplomatic bet on the protesters for post-revolutionary benefits if not innocent either, but it is a much more serious matter… Though it mostly caters to the same interests.

Various negative political trends in France in recent years have resulted in the country being downgraded to the flawed democracy category. Public confidence in political parties and the government is extremely low. Surveys also show that citizens’ engagement with politics has declined. The degree of popular support for democracy is among the lowest in the developed world. One in seven do not agree that democracy is better than any other form of government. The chasm between the country’s citizens and its political elites has widened. Outbreaks of violent rioting in recent years are another symptom of the country’s political malaise. Under the French political system, the president wields huge power. The autocratic and domineering style of the current president, Nicolas Sarkozy, threatens to undermine democratic traditions. There has been increasing anti-Muslim sentiment and emphasis on the country’s Christian roots during the Sarkozy presidency. Pressure on journalists and the electronic media have led to a decline in media freedoms”.

No need to comment – The Economist’s analysis speaks for itself and I believe it does reflect the situation of my country. What is a French citizen to do ?